“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” Target data breach affects 40 million accounts, payment info compromised – The Washington Post
If Target’s first priority is preserving the trust of their guests and customers, they have a funny way of showing that. There is still no notice on their website’s landing page about this breach but you best believe their tracking cookies for analytics and advertising are still present. Collect as much data as you can, guys! Lose all of it!
Adobe has issued an important alert for all customers.
There are numerous privacy and financial concerns with this massive breach of Adobe systems, but there is also the existential threat of zero-day exploits in the stolen source code to Adobe’s software.
Changing your IP address or using proxy servers to access public websites you’ve been forbidden to visit is a violation of the Computer Fraud and Abuse Act (CFAA), a judge ruled Friday.
A company called 3taps was scraping content from Craigslist, and putting it elsewhere. Craigslist sent a Cease and Desist, and subsequently turned off access from 3taps network(s) and system(s).
3taps circumvented the block by doing what every teenager in America uses to get to Facebook using their school computer lab: they went behind 9,000 proxies and continued scraping the content. Craigslist, sued 3taps and used the CFAA, because they mad.
[yellow_box]Special shout-out to our Congress for writing this easily misunderstood law, the six amendments to it, and of course to Craigslist making this argument in court in the first place.
Since this provides a nice second security layer to our logins, why don’t take advantage of it also in our Linux box?
For a variety of reasons, I find Duo Security’s offering a much better solution for multi-factor authentication. Having said that, if you object to the ease of use, robust user management, and a slew of other things that Duo does and Google Authenticator doesn’t, I’ll pretend to understand.
Also, seriously, if you use iOS you should be aware that the Google Authenticator application is hideous (though functional). I’d recommend using Authy’s app and service for TOTP tokenized logins, and also point out that the Duo Security app can have TOTP tokens too. The only reason I don’t use that feature is because I blow up my phone enough that having my Google Apps, Cloudflare, App.net, Dropbox and other tokens in an account with Authy is much more convenient.
Did I mention that using Duo Security with WordPress, Remote Desktop, RADIUS, most VPN servers and SSH means that my iPhone floats me a push notification when I login to any of my systems I’ve provisioned for it and it also tells me the source address of the connection? That includes ipv6 addresses, you big nerd.
I really don’t like the term “cyber-war”, but what else are you going to call it when nations are weaponizing exploits to infiltrate other nations?
When unleashed into the wild, exploits can wreak havoc. A zero-day Java exploit was used by unknown hackers allegedly linked to China to penetrate Apple and Facebook’s internal systems. Zero-day exploits obtained from Gamma Group, a British “technical surveillance and monitoring group,” were allegedly used to sneak powerful surveillance software onto the computers of Egyptian, Bahraini, Ethiopian, and Malaysian dissidents.
easily moving sshd off tcp:22
If you are in a campus computing environment or otherwise on the public Internet, you are probably having someone look through the windows and jiggle the doorknobs every few hours. These brute force attacks sometimes allow someone access to a system with a common password, in addition to causing your workstation to be spinning up dozens of sshd processes.